package com.itheima.filter;

import com.alibaba.druid.util.StringUtils;
import com.itheima.controller.ValidateCodeController;
import com.itheima.exception.ValidateCodeException;
import com.itheima.pojo.CodeImage;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.web.bind.ServletRequestBindingException;
import org.springframework.web.bind.ServletRequestUtils;
import org.springframework.web.context.request.ServletWebRequest;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.*;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @Author Chris
 * @Date 2020/9/27 12:29
 */
public class ValidateCodeFilter extends OncePerRequestFilter {
    @Autowired
    private AuthenticationFailureHandler authenticationFailureHandler;

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {

        //对有cookie的放行
        Cookie[] cookies = request.getCookies();
        if (cookies!=null){
            for (int i = 0; i < cookies.length; i++) {
                String key = cookies[i].getName();
                boolean flag = key.equals("remember-me");
                if (flag){
                    filterChain.doFilter(request,response);
                    return;
                }
            }
        }
        if("/login.do".equals(request.getRequestURI())&&
                "post".equalsIgnoreCase(request.getMethod())){
            try {
                validate(new ServletWebRequest(request));
            } catch (ValidateCodeException exception) {
                authenticationFailureHandler.onAuthenticationFailure(request, response, exception);
                return;
            }
        }
        filterChain.doFilter(request, response);

    }

    private void validate(ServletWebRequest request) throws ServletRequestBindingException, ValidateCodeException {
        CodeImage codeInSession = (CodeImage) request.getRequest().getSession().getAttribute(ValidateCodeController.SESSION_KEY);
        String codeInRequest = ServletRequestUtils.getStringParameter(request.getRequest(), "codeImage");

        if(StringUtils.isEmpty(codeInRequest)){
            throw new ValidateCodeException("验证码的值不能为空");
        }

        if(codeInSession==null){
            throw new ValidateCodeException("验证码不存在");
        }

        if (codeInSession.isExpried()) {
            request.getRequest().getSession().removeAttribute( ValidateCodeController.SESSION_KEY);
            throw new ValidateCodeException( "验证码已过期");
        }

        if (!codeInRequest.equals(codeInSession.getCode())) {
            throw new ValidateCodeException( "验证码不匹配");
        }

        request.getRequest().getSession().removeAttribute( ValidateCodeController.SESSION_KEY);
    }

}
